[Openvpn-devel] [PATCH v4] crypto_openssl: Fix various conversion warnings

Fri, 16 Jan 2026 09:21:04 -0800 

From: Frank Lichtenheld <[email protected]>

EVP_CIPHER_CTX_flags is documented to output
int in OpenSSL, but is actually unsigned long
in OpenSSL 3.
In libressl it is correctly documented to output
unsigned long.

Change-Id: I99bc4692526f9143a913e29b266a1816295dfd51
Signed-off-by: Frank Lichtenheld <[email protected]>
Acked-by: Gert Doering <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1446
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1446
This mail reflects revision 4 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <[email protected]>

        
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index ec0269c..19359f3 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -896,11 +896,6 @@
     return EVP_CIPHER_CTX_mode(ctx);
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
 bool
 cipher_ctx_mode_cbc(const cipher_ctx_t *ctx)
 {
@@ -909,7 +904,7 @@
         return false;
     }
 
-    int flags = EVP_CIPHER_CTX_flags(ctx);
+    unsigned long flags = EVP_CIPHER_CTX_flags(ctx);
     int mode = EVP_CIPHER_CTX_mode(ctx);
 
     return mode == EVP_CIPH_CBC_MODE
@@ -940,7 +935,7 @@
 {
     if (ctx)
     {
-        int flags = EVP_CIPHER_CTX_flags(ctx);
+        unsigned long flags = EVP_CIPHER_CTX_flags(ctx);
         if (flags & EVP_CIPH_FLAG_AEAD_CIPHER)
         {
             return true;
@@ -995,8 +990,8 @@
 cipher_ctx_final_check_tag(EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, 
uint8_t *tag,
                            size_t tag_len)
 {
-    ASSERT(tag_len < SIZE_MAX);
-    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
+    ASSERT(tag_len < INT_MAX);
+    if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, (int)tag_len, tag))
     {
         return 0;
     }
@@ -1004,10 +999,6 @@
     return cipher_ctx_final(ctx, dst, dst_len);
 }
 
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 /*
  *
  * Generic message digest information functions


_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to